pfkeyv2.h has defines for a number of obsolete algorithms we don't and
won't implement. These have been mechanically added to ipsecctl and
iked. I'd like to remove all traces of these zombies.
(SADB_X_AALG_DES designates DES-MAC authentication.)
ok?
Index: sys/net/pfkeyv2.h
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.h,v
retrieving revision 1.70
diff -u -p -r1.70 pfkeyv2.h
--- sys/net/pfkeyv2.h 3 Nov 2015 01:50:36 -0000 1.70
+++ sys/net/pfkeyv2.h 1 Dec 2015 21:31:24 -0000
@@ -285,7 +285,6 @@ struct sadb_x_tap {
#define SADB_AALG_NONE 0
#define SADB_AALG_MD5HMAC 2
#define SADB_AALG_SHA1HMAC 3
-#define SADB_X_AALG_DES 4
#define SADB_X_AALG_SHA2_256 5
#define SADB_X_AALG_SHA2_384 6
#define SADB_X_AALG_SHA2_512 7
@@ -297,16 +296,10 @@ struct sadb_x_tap {
#define SADB_AALG_MAX 12
#define SADB_EALG_NONE 0
-#define SADB_X_EALG_DES_IV64 1
#define SADB_EALG_DESCBC 2
#define SADB_EALG_3DESCBC 3
-#define SADB_X_EALG_RC5 4
-#define SADB_X_EALG_IDEA 5
#define SADB_X_EALG_CAST 6
#define SADB_X_EALG_BLF 7
-#define SADB_X_EALG_3IDEA 8
-#define SADB_X_EALG_DES_IV32 9
-#define SADB_X_EALG_RC4 10
#define SADB_EALG_NULL 11
#define SADB_X_EALG_AES 12
#define SADB_X_EALG_AESCTR 13
Index: sbin/iked/pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.47
diff -u -p -r1.47 pfkey.c
--- sbin/iked/pfkey.c 4 Nov 2015 12:40:49 -0000 1.47
+++ sbin/iked/pfkey.c 1 Dec 2015 21:32:29 -0000
@@ -69,16 +69,10 @@ struct pfkey_constmap {
};
static const struct pfkey_constmap pfkey_encr[] = {
- { SADB_X_EALG_DES_IV64, IKEV2_XFORMENCR_DES_IV64 },
{ SADB_EALG_DESCBC, IKEV2_XFORMENCR_DES },
{ SADB_EALG_3DESCBC, IKEV2_XFORMENCR_3DES },
- { SADB_X_EALG_RC5, IKEV2_XFORMENCR_RC5 },
- { SADB_X_EALG_IDEA, IKEV2_XFORMENCR_IDEA },
{ SADB_X_EALG_CAST, IKEV2_XFORMENCR_CAST },
{ SADB_X_EALG_BLF, IKEV2_XFORMENCR_BLOWFISH },
- { SADB_X_EALG_3IDEA, IKEV2_XFORMENCR_3IDEA },
- { SADB_X_EALG_DES_IV32, IKEV2_XFORMENCR_DES_IV32 },
- { SADB_X_EALG_RC4, IKEV2_XFORMENCR_RC4 },
{ SADB_EALG_NULL, IKEV2_XFORMENCR_NULL },
{ SADB_X_EALG_AES, IKEV2_XFORMENCR_AES_CBC },
{ SADB_X_EALG_AESCTR, IKEV2_XFORMENCR_AES_CTR },
@@ -91,7 +85,6 @@ static const struct pfkey_constmap pfkey
static const struct pfkey_constmap pfkey_integr[] = {
{ SADB_AALG_MD5HMAC, IKEV2_XFORMAUTH_HMAC_MD5_96 },
{ SADB_AALG_SHA1HMAC, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
- { SADB_X_AALG_DES, IKEV2_XFORMAUTH_DES_MAC },
{ SADB_X_AALG_SHA2_256, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
{ SADB_X_AALG_SHA2_384, IKEV2_XFORMAUTH_HMAC_SHA2_384_192 },
{ SADB_X_AALG_SHA2_512, IKEV2_XFORMAUTH_HMAC_SHA2_512_256 },
Index: sbin/ipsecctl/pfkdump.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.40
diff -u -p -r1.40 pfkdump.c
--- sbin/ipsecctl/pfkdump.c 4 Nov 2015 12:46:13 -0000 1.40
+++ sbin/ipsecctl/pfkdump.c 1 Dec 2015 21:32:04 -0000
@@ -141,7 +141,6 @@ struct idname sa_types[] = {
struct idname auth_types[] = {
{ SADB_AALG_NONE, "none", NULL },
- { SADB_X_AALG_DES, "des", NULL },
{ SADB_AALG_MD5HMAC, "hmac-md5", NULL },
{ SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", NULL },
{ SADB_AALG_SHA1HMAC, "hmac-sha1", NULL },
@@ -159,19 +158,13 @@ struct idname enc_types[] = {
{ SADB_EALG_NONE, "none", NULL },
{ SADB_EALG_3DESCBC, "3des-cbc", NULL },
{ SADB_EALG_DESCBC, "des-cbc", NULL },
- { SADB_X_EALG_3IDEA, "idea3", NULL },
{ SADB_X_EALG_AES, "aes", NULL },
{ SADB_X_EALG_AESCTR, "aesctr", NULL },
{ SADB_X_EALG_AESGCM16, "aes-gcm", NULL },
{ SADB_X_EALG_AESGMAC, "aes-gmac", NULL },
{ SADB_X_EALG_BLF, "blowfish", NULL },
{ SADB_X_EALG_CAST, "cast128", NULL },
- { SADB_X_EALG_DES_IV32, "des-iv32", NULL },
- { SADB_X_EALG_DES_IV64, "des-iv64", NULL },
- { SADB_X_EALG_IDEA, "idea", NULL },
{ SADB_EALG_NULL, "null", NULL },
- { SADB_X_EALG_RC4, "rc4", NULL },
- { SADB_X_EALG_RC5, "rc5", NULL },
{ SADB_X_EALG_CHACHA20POLY1305, "chacha20-poly1305", NULL },
{ 0, NULL, NULL }
};
--
Christian "naddy" Weisgerber [email protected]
